1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 13:30:55 +01:00

Add actAsUser to API

Summary: createrevision creates the revision as the user which certificate is
used. Add a meta parameter to API calls named actAsUser so one user can create
revisions for someone else. Right now there is no authentication.

Test Plan: Called createrevision with one users cert and set actAsUser to
someone else. The revision was created as the actAsUser user.

Reviewers: epriestley, nh, jungejason

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: 1087
This commit is contained in:
Emil Hesslow 2011-11-07 15:11:25 -08:00
parent 7d2a18d883
commit 88dc9c471d

View file

@ -113,6 +113,10 @@ class PhabricatorConduitAPIController
// If we've explicitly authenticated the user here and either done // If we've explicitly authenticated the user here and either done
// CSRF validation or are using a non-web authentication mechanism. // CSRF validation or are using a non-web authentication mechanism.
$allow_unguarded_writes = true; $allow_unguarded_writes = true;
if (isset($metadata['actAsUser'])) {
$this->actAsUser($api_request, $metadata['actAsUser']);
}
} }
if ($method_handler->shouldAllowUnguardedWrites()) { if ($method_handler->shouldAllowUnguardedWrites()) {
@ -123,6 +127,7 @@ class PhabricatorConduitAPIController
if ($allow_unguarded_writes) { if ($allow_unguarded_writes) {
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
} }
try { try {
$result = $method_handler->executeMethod($api_request); $result = $method_handler->executeMethod($api_request);
$error_code = null; $error_code = null;
@ -187,6 +192,34 @@ class PhabricatorConduitAPIController
} }
} }
/**
* Change the api request user to the user that we want to act as.
* Only admins can use actAsUser
*
* @param ConduitAPIRequest Request being executed.
* @param string The username of the user we want to act as
*/
private function actAsUser(
ConduitAPIRequest $api_request,
$user_name) {
if (!$api_request->getUser()->getIsAdmin()) {
throw new Exception("Only administrators can use actAsUser");
}
$user = id(new PhabricatorUser())->loadOneWhere(
'userName = %s',
$user_name);
if (!$user) {
throw new Exception(
"The actAsUser username '{$user_name}' is not a valid user."
);
}
$api_request->setUser($user);
}
/** /**
* Authenticate the client making the request to a Phabricator user account. * Authenticate the client making the request to a Phabricator user account.
* *